Hi,
We have some PCs with Endpoint Security installed. The blades that are activated on the PCs are VPN, Compliance and Firewall. The management server is running R77.30 and the client version is E80.90.
We are using location awareness, auto-connect and hub mode for these clients.
A few weeks back we noticed that if we connected a PC to the LAN, all local connections started to fail. We could not get DNS or DHCP, or, say, mount an internal file share. Externally the connections were allowed.
While investigating I found that the firewall logs on the client show it drops all internal traffic due to the following (192.168.2.43 is the DNS):
[ 5844 1952] [15 May 13:31:34] FWMSG_RULE_ACTION, dstIp = 192.168.2.43 (port 53)
rule name = DropClrToEnc, src ip = 192.168.10.8, srcport=52405 action=DROP/NOTIFY,
Protocol=ETHERNET/IP, dwSubProtocol=UDP, dwClientId=0
So I've been trying to see where this rule originates from. Since we're using the thin client for Endpoint Security, it seems like the policy in SmartEndpoint is not utilized for this client.
I've installed the Check Point Mobile client (which is without the firewall) and that allows local connections.
Also, in the installation path for the Endpoint Client there is a file named DisconnectedPolicy.xml which only contains one row:
"FILE DOES NOT EXIST"
Is the solution to check in the ttm-files or how is the disconnected policy applied?
Thanks!
When Check Point Mobile is installed (without the firewall) the connections are allowed.
So this is only happening when the firewall is enabled in the client and the client is disconnected due to location awareness.
I have a TAC case open, but I also posted a question here in case someone has seen this issue before.
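When triaging a symptom like this, it helps to pull the client firewall log apart by rule name and check whether the dropped destinations are internal addresses. The following parser is an added example (not from the original post or from Check Point); it assumes the record layout quoted above, and the sample log it runs on is constructed, with a second Allow record invented for contrast.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the layout of the Endpoint Security client firewall
# log quoted in the post; the second record is invented for contrast.
SAMPLE_LOG = """\
[ 5844 1952] [15 May 13:31:34] FWMSG_RULE_ACTION, dstIp = 192.168.2.43 (port 53)
rule name = DropClrToEnc, src ip = 192.168.10.8, srcport=52405 action=DROP/NOTIFY,
Protocol=ETHERNET/IP, dwSubProtocol=UDP, dwClientId=0
[ 5844 1952] [15 May 13:31:35] FWMSG_RULE_ACTION, dstIp = 93.184.216.34 (port 443)
rule name = AllowOutbound, src ip = 192.168.10.8, srcport=52406 action=ALLOW,
Protocol=ETHERNET/IP, dwSubProtocol=TCP, dwClientId=0
"""

# One FWMSG_RULE_ACTION record spans three lines; \s* bridges the line breaks.
RECORD_RE = re.compile(
    r"FWMSG_RULE_ACTION, dstIp = (?P<dst>[\d.]+) \(port (?P<port>\d+)\)\s*"
    r"rule name = (?P<rule>[^,]+), src ip = (?P<src>[\d.]+), srcport=\d+ "
    r"action=(?P<action>[A-Z/]+),\s*Protocol=[^,]+, dwSubProtocol=(?P<proto>\w+)"
)


def parse_records(text):
    """Return one dict per FWMSG_RULE_ACTION record found in the client log."""
    return [
        {
            "dst": m["dst"], "port": int(m["port"]), "rule": m["rule"],
            "src": m["src"], "action": m["action"], "proto": m["proto"],
        }
        for m in RECORD_RE.finditer(text)
    ]


def dropped_internal(records):
    """Keep records whose action is a DROP variant and whose destination is RFC 1918."""
    return [
        r for r in records
        if r["action"].startswith("DROP")
        and ipaddress.ip_address(r["dst"]).is_private
    ]


def summarize(text):
    """Count drops of traffic to internal addresses per rule name.

    A count dominated by a single rule such as DropClrToEnc points at the
    disconnected/clear-traffic policy rather than at the user's own rules."""
    return Counter(r["rule"] for r in dropped_internal(parse_records(text)))
```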
Easy fix. Simply go into Global Properties, Remote Access, VPN - Advanced; from there, the first section is set to "dropped" by default. Change this to "sent in clear".
Policy install. Once users get re-authenticated, they will retrieve the new value. Once they disconnect, they will be able to access internal resources according to your Desktop Security Policy.
Probably too late, but perhaps others will see this.
Cheers.